When I login successfully, from my logging I can see it calling my serializeUser callback with the user object. However, req.isAuthenticated() then returns false and I end up back at the login page (note I never see my deserializeUser callback being called by passport when I try to load a view).

I'm not specifying any store, so you are right, I'm using the memory store. This is just a dev environment, I have no cluster running. I think I misunderstood the cookieParser() directive! I still have the issue of isAuthenticated() returning false though ...

I am using a Chrome incognito window so it doesn't keep any state, the first time through, when I go to /home there is nothing in the cookies (i.e. no connect.sid). At that point, it redirects to /login and the dump is as above. Even after I post to /login and then redirect to /home, the dump is like this. The passport hash is always empty.

I added some additional tracing and after calling passport.authenticate, then calling req.logIn in the callback, in the success part of the logIn callback (I added a 'HERE' comment in the code above), I see this: